VPN Connections through 506E dropping

Unanswered Question
Feb 19th, 2007

Corp has asa 5520 set up to accept vpn from clients. At remote site using cisco vpn client and going through a 506e we can initiate a vpn connection for several minutes. Then the connection is lost and can not be reistablished until the 506e is rebooted.

If I remove the 506e from the picture and only go through the cable/dls router I can connect clients without any issues.

What should I be looking at for the source of this issue on the PIX? Thanks

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
acomiskey Mon, 02/19/2007 - 10:12

Does it drop when a 2nd client is attempting to connect or just when 1 client is connected? If you are not running nat-t only 1 client would connect, 2nd client would connect and knock off 1st client. You would then reboot pix and knock off 2nd client. 1st client would be able to connect again until 2nd client connected and the process would repeat. Just a guess.

Kamal Malhotra Mon, 02/19/2007 - 10:16

Hi,

You might also want to look at the xlate timeout. Please also let us know if the hosts behind the PIX 506 have static IP addresses or dynamic IP addresses. If dynamic, then does it happen when the IP changes?

Please make sure that the ASA has keepalive configured.

isakmp keepalive 10 2

HTH,

Please do rate if it helps.

Regards,

Kamal

Actions

This Discussion